среда, 5 сентября 2012 г., 15:31:07 UTC+4 пользователь Bram Moolenaar написал:
> Patch 7.3.648
> Problem: Crash when using a very long file name. (ZyX)
> Solution: Properly check length of buffer space.
> Files: src/buffer.c
That actually did not fix the problem: gcc optimized build now behaves like
non-optimized one, thats all. I still get a crash where I was getting it before
(aurum, "AuDiff rev1 1 rev2 tip **"). And I still observe invalid number of
lines (1041 lines with last one truncated).
I don't get invalid number of lines if I replace "expand("<amatch>")" with
"bufname(+expand("<abuf>"))". Doing the same in aurum does not fix the crash.
Crash happens at the very end of "fileinfo" function from buffer.c. The
following patch seems to fix the crash:
# HG changeset patch
# User ZyX <[email protected]>
# Date 1346961521 -14400
# Node ID acfe7154579e02ff10e39d50fa2a9794eb2d3f0b
# Parent 1052677493beb941eab0d1e33d63c73ee4148350
Fixed how fileinfo handles long filenames
diff -r 1052677493be -r acfe7154579e src/buffer.c
--- a/src/buffer.c Wed Sep 05 19:17:17 2012 +0200
+++ b/src/buffer.c Thu Sep 06 23:58:16 2012 +0400
@@ -3041,6 +3041,7 @@
char_u *name;
int n;
char_u *p;
+ size_t psize;
char_u *buffer;
size_t len;
@@ -3052,13 +3053,17 @@
{
vim_snprintf((char *)buffer, IOSIZE, "buf %d: ", curbuf->b_fnum);
p = buffer + STRLEN(buffer);
+ psize = IOSIZE - (p-buffer);
}
else
+ {
p = buffer;
+ psize = IOSIZE;
+ }
*p++ = '"';
if (buf_spname(curbuf) != NULL)
- STRCPY(p, buf_spname(curbuf));
+ STRNCPY(p, buf_spname(curbuf), psize-1);
else
{
if (!fullname && curbuf->b_fname != NULL)
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
*** /tmp/extdiff.pkjJ56/vim.1052677493be/src/buffer.c 2012-09-07 00:01:21.000000000 +0400
--- vim.acfe7154579e/src/buffer.c 2012-09-07 00:01:21.000000000 +0400
***************
*** 3041,3046 ****
--- 3041,3047 ----
char_u *name;
int n;
char_u *p;
+ size_t psize;
char_u *buffer;
size_t len;
***************
*** 3052,3064 ****
{
vim_snprintf((char *)buffer, IOSIZE, "buf %d: ", curbuf->b_fnum);
p = buffer + STRLEN(buffer);
}
else
p = buffer;
*p++ = '"';
if (buf_spname(curbuf) != NULL)
! STRCPY(p, buf_spname(curbuf));
else
{
if (!fullname && curbuf->b_fname != NULL)
--- 3053,3069 ----
{
vim_snprintf((char *)buffer, IOSIZE, "buf %d: ", curbuf->b_fnum);
p = buffer + STRLEN(buffer);
+ psize = IOSIZE - (p-buffer);
}
else
+ {
p = buffer;
+ psize = IOSIZE;
+ }
*p++ = '"';
if (buf_spname(curbuf) != NULL)
! STRNCPY(p, buf_spname(curbuf), psize-1);
else
{
if (!fullname && curbuf->b_fname != NULL)
